Internal

The profound statements of the Declaration of Helsinki and Belmont Report motivated a rich and active discipline of bioethics growing alongside traditional biomedical research. Unfortunately, no equivalently active ethics discipline has parallelled the growth of computer security research, where serious ethical challenges are regularly raised by studies of increasingly sophisticated security threats (e.g., worms, botnets, phishing). In this absence, program committees and funding agencies are routinely asked to judge the acceptability of our research studies. Such judgments are often difficult due to a lack of community consensus on ethical standards, disagreement about who should enforce standards and how, and limited experience applying ethical decision-making methods. The need for such a community, touching on the extensive field of ethical decision making, examining existing ethical guidelines and enforcement mechanisms used by the computer security research community, and calling our community to joint action to address this broad challenge are the focus of this presentation.